From 84e2badd34ab1ce4b8bf5852e7e1eaf9b10e4650 Mon Sep 17 00:00:00 2001
From: Roland Schneider
Date: Thu, 18 Feb 2016 22:51:55 +0100
Subject: [PATCH] fix backend user access, fix payout cart account change
---
backend/controllers/CardPackageController.php | 30 +++++++++------
backend/controllers/ContractController.php | 29 ++++++++------
backend/controllers/DoorLogController.php | 36 +++++++++++-------
backend/controllers/KeyController.php | 14 ++++++-
.../controllers/MessageDetstaController.php | 30 +++++++++------
.../TicketInstallmentRequestController.php | 2 +
backend/controllers/TransferController.php | 1 +
backend/controllers/UgiroController.php | 1 +
backend/models/TransferSearch.php | 38 ++++++++++++++++++-
backend/views/key/update.php | 4 +-
backend/views/key/view.php | 29 +++++++-------
changelog.txt | 3 ++
common/config/params.php | 2 +-
frontend/controllers/ProductController.php | 2 +-
14 files changed, 153 insertions(+), 68 deletions(-)
diff --git a/backend/controllers/CardPackageController.php b/backend/controllers/CardPackageController.php
index 2c9ae59..d09c7f1 100644
--- a/backend/controllers/CardPackageController.php
+++ b/backend/controllers/CardPackageController.php
@@ -21,20 +21,26 @@ use common\components\Upload; /** * CardPackageController implements the CRUD actions for CardPackage model. */ -class CardPackageController extends Controller { - public function behaviors() { - return [ - 'verbs' => [ - 'class' => VerbFilter::className (), - 'actions' => [ - 'delete' => [ - 'post' - ] - ] - ] +class CardPackageController extends \backend\controllers\BackendController { + + + public function behaviors() + { + return [ + 'access' => [ + 'class' => \yii\filters\AccessControl::className(), + 'rules' => [ + // allow authenticated users + [ + 'actions' => ['create','index','view','import','download'], + 'allow' => true, + 'roles' => ['admin','employee','reception'], + ], + // everything else is denied + ], + ], ]; } - /** * Lists all CardPackage models. * diff --git a/backend/controllers/ContractController.php b/backend/controllers/ContractController.php index e8780ea..f434a1c 100644 --- a/backend/controllers/ContractController.php +++ b/backend/controllers/ContractController.php @@ -15,20 +15,27 @@ use backend\models\ContractRequestSearch; /** * ContractController implements the CRUD actions for Contract model. + * + * TODO: FIX CONTROLLER */ class ContractController extends Controller { - public function behaviors() - { - return [ - 'verbs' => [ - 'class' => VerbFilter::className(), - 'actions' => [ - 'delete' => ['post'], - ], - ], - ]; - } + public function behaviors() { + return [ + 'access' => [ + 'class' => \yii\filters\AccessControl::className(), + 'rules' => [ + // allow authenticated users + [ + 'actions' => [ ], + 'allow' => true, + 'roles' => ['admin','employee','reception'], + ], + // everything else is denied + ], + ], + ]; + } /** * Lists all Contract models. diff --git a/backend/controllers/DoorLogController.php b/backend/controllers/DoorLogController.php index ed97c17..7082315 100644 --- a/backend/controllers/DoorLogController.php +++ b/backend/controllers/DoorLogController.php 
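Review bot: The new `behaviors()` in CardPackageController returns only the `access` entry, so the `verbs` filter that restricted `delete` to POST is dropped and whatever `\backend\controllers\BackendController::behaviors()` defines (not shown in this patch) is replaced instead of extended. Building on the parent keeps both: `return array_merge(parent::behaviors(), ['access' => [...], 'verbs' => [...]]);`. `update` and `delete` are not in the `actions` list, and AccessControl denies any action that no rule matches, so if the controller still defines them they are now blocked for `admin` as well; say so in a comment if that is intended. The `// allow authenticated users` comment should name the three roles, since the rule does not match `@`.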
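Review bot: In ContractController's new `behaviors()` the rule has `'actions' => [ ]`, and Yii's AccessRule treats an empty action list as applying to all actions, so this rule allows every action to the three roles and the `// everything else is denied` comment does not describe it. With the `verbs` filter removed in the same hunk, any `actionDelete` the controller has can be reached with GET, and Yii's CSRF validation does not cover GET requests. Keep `'verbs' => ['class' => VerbFilter::className(), 'actions' => ['delete' => ['post']]]` next to `access` and list the intended actions explicitly, as the KeyController hunk does. The same empty `actions` list appears in the DoorLogController and MessageDetstaController hunks, and `TODO: FIX CONTROLLER` would be more useful if it named what is still open.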
@@ -11,20 +11,28 @@ use yii\filters\VerbFilter; /** * DoorLogController implements the CRUD actions for DoorLog model. + * + * TODO: FIX ACCESS */ class DoorLogController extends Controller { - public function behaviors() - { - return [ - 'verbs' => [ - 'class' => VerbFilter::className(), - 'actions' => [ - 'delete' => ['post'], - ], - ], - ]; - } + public function behaviors() + { + return [ + 'access' => [ + 'class' => \yii\filters\AccessControl::className(), + 'rules' => [ + // allow authenticated users + [ + 'actions' => [ ], + 'allow' => true, + 'roles' => ['admin','employee','reception'], + ], + // everything else is denied + ], + ], + ]; + } /** * Lists all DoorLog models. @@ -57,7 +65,6 @@ class DoorLogController extends Controller * Creates a new DoorLog model. * If creation is successful, the browser will be redirected to the 'view' page. * @return mixed - */ public function actionCreate() { $model = new DoorLog(); @@ -70,13 +77,13 @@ class DoorLogController extends Controller ]); } } + */ /** * Updates an existing DoorLog model. * If update is successful, the browser will be redirected to the 'view' page. * @param integer $id * @return mixed - */ public function actionUpdate($id) { $model = $this->findModel($id); @@ -89,19 +96,20 @@ class DoorLogController extends Controller ]); } } + */ /** * Deletes an existing DoorLog model. * If deletion is successful, the browser will be redirected to the 'index' page. * @param integer $id * @return mixed - */ public function actionDelete($id) { $this->findModel($id)->delete(); return $this->redirect(['index']); } + */ /** * Finds the DoorLog model based on its primary key value. diff --git a/backend/controllers/KeyController.php b/backend/controllers/KeyController.php index 3a855aa..847401b 100644 --- a/backend/controllers/KeyController.php +++ b/backend/controllers/KeyController.php 
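Review bot: `actionCreate`, `actionUpdate` and `actionDelete` in DoorLogController are disabled by moving the closing `*/` of each docblock below the method body (the three hunks starting at `@@ -57,7`, `@@ -70,13` and `@@ -89,19`), which leaves live-looking code inside comments. Restoring a single `*/` re-enables an action, and because the access rule added in this file has an empty `actions` list, that action would immediately be allowed for all three roles. Delete the methods, since version control keeps them, and leave a short comment such as `// create/update/delete are intentionally not exposed for door log entries`. If any backend view still links to these routes it will now get a 404, which the patch does not show either way.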
@@ -27,7 +27,19 @@ class KeyController extends Controller { 'post' ] ] - ] + ] , + 'access' => [ + 'class' => \yii\filters\AccessControl::className(), + 'rules' => [ + // allow authenticated users + [ + 'actions' => ['create','index','view','update'], + 'allow' => true, + 'roles' => ['admin','employee','reception'], + ], + // everything else is denied + ], + ], ]; } diff --git a/backend/controllers/MessageDetstaController.php b/backend/controllers/MessageDetstaController.php index 9f2eb15..d1652dc 100644 --- a/backend/controllers/MessageDetstaController.php +++ b/backend/controllers/MessageDetstaController.php @@ -13,20 +13,28 @@ use common\components\DetStaDBSave; /** * MessageDetstaController implements the CRUD actions for MessageDetsta model. + * + * TODO : FIX ACCESS */ class MessageDetstaController extends Controller { - public function behaviors() - { - return [ - 'verbs' => [ - 'class' => VerbFilter::className(), - 'actions' => [ - 'delete' => ['post'], - ], - ], - ]; - } + public function behaviors() + { + return [ + 'access' => [ + 'class' => \yii\filters\AccessControl::className(), + 'rules' => [ + // allow authenticated users + [ + 'actions' => [ ], + 'allow' => true, + 'roles' => ['admin','employee','reception'], + ], + // everything else is denied + ], + ], + ]; + } /** * Lists all MessageDetsta models. diff --git a/backend/controllers/TicketInstallmentRequestController.php b/backend/controllers/TicketInstallmentRequestController.php index 9feea6a..2712810 100644 --- a/backend/controllers/TicketInstallmentRequestController.php +++ b/backend/controllers/TicketInstallmentRequestController.php @@ -15,6 +15,8 @@ use backend\models\GiroKotegForm; /** * TicketInstallmentRequestController implements the CRUD actions for TicketInstallmentRequest model. + * + * TODO: FIX ACCESS */ class TicketInstallmentRequestController extends Controller { 
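Review bot: The `actions` list in KeyController's new `access` rule omits `import`, while the 0.0.36 entry in changelog.txt mentions `key/import`; if the controller has an `actionImport`, it is now denied for every role, `admin` included, because AccessControl rejects any action no rule matches. `delete` is likewise unlisted, which matches the Delete button being removed from backend/views/key/view.php. State the intent next to the rule, for example `// import and delete are deliberately not exposed`, or add `'import'` to the list. The `// allow authenticated users` comment should read `// allow admin, employee and reception`. `behaviors()` starts outside the hunk.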
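Review bot: TicketInstallmentRequestController only gains a `TODO: FIX ACCESS` line and, as far as this hunk shows, still extends `Controller` with no access filter; UgiroController gets the same treatment in its hunk. Unless a filter is applied at module or application level, which the patch does not show, a commit titled "fix backend user access" leaves these two controllers as they were, and the commit message should say so. If the gap has to stay for this release, make the marker actionable, e.g. `TODO(access): no AccessControl yet; restrict to admin/employee/reception like KeyController`.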
diff --git a/backend/controllers/TransferController.php b/backend/controllers/TransferController.php index d4d15a1..66b538b 100644 --- a/backend/controllers/TransferController.php +++ b/backend/controllers/TransferController.php @@ -61,6 +61,7 @@ class TransferController extends \backend\controllers\BackendController 'accounts' => $accounts, 'users' => $users, ]); + } /** diff --git a/backend/controllers/UgiroController.php b/backend/controllers/UgiroController.php index e9aee21..ce034ee 100644 --- a/backend/controllers/UgiroController.php +++ b/backend/controllers/UgiroController.php @@ -14,6 +14,7 @@ use yii\web\UploadedFile; /** * UgiroController implements the CRUD actions for Ugiro model. + * TODO: FIX ACCESS */ class UgiroController extends Controller { diff --git a/backend/models/TransferSearch.php b/backend/models/TransferSearch.php index 8772ac0..ee066fe 100644 --- a/backend/models/TransferSearch.php +++ b/backend/models/TransferSearch.php @@ -69,12 +69,12 @@ class TransferSearch extends Transfer $query = Transfer::find(); $query->innerJoinWith('account'); + $query->innerJoin('user', " user.id = transfer.id_user"); if ( !RoleDefinition::isAdmin() ){ $query->innerJoin("user_account_assignment",'transfer.id_account = user_account_assignment.id_account' ); $query->andWhere(['user_account_assignment.id_user' => Yii::$app->user->id ]); - $query->andWhere(['account.type' => Account::TYPE_ALL ]); if ( RoleDefinition::isReception()){ 
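Review bot: The added `$query->innerJoin('user', " user.id = transfer.id_user");` in TransferSearch filters rows as well as enabling the username sort: a transfer whose `id_user` is NULL or points at a missing user drops out of the backend list. If the join is only there for the `id_user` sort declared in the next hunk, `$query->leftJoin('user', 'user.id = transfer.id_user');` keeps those rows visible. If the `-` marker in front of `andWhere(['account.type' => Account::TYPE_ALL])` means that condition is removed rather than a blank line, non-admin users now see transfers for other account types, which deserves a line in the commit message. The enclosing method starts and ends outside the hunk.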
@@ -84,6 +84,42 @@ class TransferSearch extends Transfer $dataProvider = new ActiveDataProvider([ 'query' => $query, + 'sort' =>[ + 'attributes' =>[ + 'paid_at' =>[ + 'asc' => ['transfer.paid_at' => SORT_ASC ], + 'desc' => ['transfer.paid_at' => SORT_DESC], + ], + 'created_at' =>[ + 'asc' => ['transfer.created_at' => SORT_ASC ], + 'desc' => ['transfer.created_at' => SORT_DESC], + ], + 'status' =>[ + 'asc' => ['transfer.status' => SORT_ASC ], + 'desc' => ['transfer.status' => SORT_DESC], + ], + 'money' =>[ + 'asc' => ['transfer.money' => SORT_ASC ], + 'desc' => ['transfer.money' => SORT_DESC], + ], + 'count' =>[ + 'asc' => ['transfer.count' => SORT_ASC ], + 'desc' => ['transfer.count' => SORT_DESC], + ], + 'item_price' =>[ + 'asc' => ['transfer.item_price' => SORT_ASC ], + 'desc' => ['transfer.item_price' => SORT_DESC], + ], + 'id_account' =>[ + 'asc' => ['account.name' => SORT_ASC ], + 'desc' => ['account.name' => SORT_DESC], + ], + 'id_user' =>[ + 'asc' => ['user.username' => SORT_ASC ], + 'desc' => ['user.username' => SORT_DESC], + ], + ] + ] ]); diff --git a/backend/views/key/update.php b/backend/views/key/update.php index 10fab8e..4f77041 100644 --- a/backend/views/key/update.php +++ b/backend/views/key/update.php @@ -6,9 +6,7 @@ use common\models\Key; /* @var $this yii\web\View */ /* @var $model common\models\Key */ -$this->title = Yii::t('backend/key', 'Update {modelClass}: ', [ - 'modelClass' => 'Key', -]) . ' ' . $model->id_key; +$this->title = "Kulcs módosítása"; $this->params['breadcrumbs'][] = ['label' => Yii::t('backend/key', 'Keys'), 'url' => ['index']]; $this->params['breadcrumbs'][] = ['label' => $model->id_key, 'url' => ['view', 'id' => $model->id_key]]; $this->params['breadcrumbs'][] = Yii::t('backend/key', 'Update'); diff --git a/backend/views/key/view.php b/backend/views/key/view.php index 6488b8a..eb80e9b 100644 --- a/backend/views/key/view.php +++ b/backend/views/key/view.php 
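Review bot: `$this->title = "Kulcs módosítása";` in backend/views/key/update.php replaces a `Yii::t('backend/key', ...)` call with a hard-coded Hungarian string, while the breadcrumb lines directly below still go through `Yii::t()`. The title can no longer be translated and no longer shows `$model->id_key`. Keeping the message catalogue in charge would look like `$this->title = Yii::t('backend/key', 'Update key');` with the Hungarian text in the translation file; the same applies to `"Kulcs részletek"`, `"Kulcs azon."` and `"Ismeretlen"` in backend/views/key/view.php.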
@@ -2,11 +2,13 @@ use yii\helpers\Html; use yii\widgets\DetailView; +use common\models\Key; +use common\components\Helper; /* @var $this yii\web\View */ /* @var $model common\models\Key */ -$this->title = $model->id_key; +$this->title = "Kulcs részletek"; $this->params['breadcrumbs'][] = ['label' => Yii::t('backend/key', 'Keys'), 'url' => ['index']]; $this->params['breadcrumbs'][] = $this->title; ?> @@ -16,25 +18,26 @@ $this->params['breadcrumbs'][] = $this->title;

$model->id_key], ['class' => 'btn btn-primary']) ?> - $model->id_key], [ - 'class' => 'btn btn-danger', - 'data' => [ - 'confirm' => Yii::t('backend/key', 'Are you sure you want to delete this item?'), - 'method' => 'post', - ], - ]) ?>

$model, 'attributes' => [ - 'id_key', + [ + 'attribute' => 'id_key', + 'label' =>"Kulcs azon." + ], 'number', 'rfid_key', - 'status', - 'type', - 'created_at', - 'updated_at', + [ + 'attribute' => 'status', + 'value' => Helper::getArrayValue( Key::statuses() ,$model->status, "Ismeretlen" ) + ], + [ + 'attribute' => 'type', + 'value' => Helper::getArrayValue( Key::types() ,$model->type, "Ismeretlen" ) + ], + 'created_at:datetime', ], ]) ?> diff --git a/changelog.txt b/changelog.txt index 287fa50..5087be4 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,6 @@ +-0.0.37 + - fix backend user acces + - fix sell product account will not anymore changed -0.0.36 - Door log- add account - Key import - no menu ( key/import ) diff --git a/common/config/params.php b/common/config/params.php index 9f79908..a349dfa 100644 --- a/common/config/params.php +++ b/common/config/params.php @@ -4,7 +4,7 @@ return [ 'supportEmail' => 'rocho02@gmail.com', 'infoEmail' => 'info@rocho-net.hu', 'user.passwordResetTokenExpire' => 3600, - 'version' => 'v0.0.36', + 'version' => 'v0.0.37', 'company' => 'movar',//gyor 'company_name' => "Freimann Kft.", 'product_visiblity' => 'account',// on reception which products to display. account or global diff --git a/frontend/controllers/ProductController.php b/frontend/controllers/ProductController.php index 0aab87c..81991c2 100644 --- a/frontend/controllers/ProductController.php +++ b/frontend/controllers/ProductController.php @@ -177,7 +177,7 @@ class ProductController extends Controller { $connection = \Yii::$app->db; $transaction = $connection->beginTransaction (); try { - UserSoldItem::payout ( $user, $model->transfers , Account::readDefault() ); + UserSoldItem::payout ( $user, $model->transfers ); $transaction->commit (); \Yii::$app->session->setFlash ( 'success', 'Recepicó kosár fizetve' ); } catch ( Exception $e ) {
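Review bot: `UserSoldItem::payout ( $user, $model->transfers );` in ProductController drops the `Account::readDefault()` argument, but UserSoldItem is not among the 14 files in this patch, so the call relies on `payout()` already accepting two arguments and choosing the account itself. Please confirm that the two-argument path keeps each transfer's existing account, which is what the changelog line about the sell-product account describes, and note it at the call, e.g. `// no account passed: payout must keep each transfer's own account`. The context also shows `catch ( Exception $e )`; in a namespaced controller that only catches if `Exception` is imported or written as `\Exception`, which the hunk does not show, and a miss there would skip whatever cleanup the catch block does for the open transaction. The enclosing action starts and ends outside the hunk.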